Cyber criminals are ruthless. They want your identity, your money, your data.

As they look to exploit the anxiety around COVID-19 pandemic, we've seen the number of cyber incidents rise exponentially.

More than four in 10 organizations across 83 countries in KPMG International's new Global CIO survey said they experienced an increase in security or cyber incidents, resulting from the massive shift to remote working during the pandemic. The most-common attacks were spear phishing, which is a more targeted form of phishing that's also known as business email compromise, and malware attacks. Anecdotally, we've also seen a spike in ransomware attacks.

The publicity around cyberattacks helps raise awareness and reminds everyone to take stock of, or enhance, their cyber defences. But, as we're seeing, it's a double-edged sword. The highly publicized cases can be potentially damaging from both a financial and reputational perspective, and lead to an erosion of trust.

When we asked Canadians in a recent survey how concerned they are over the barrage of recent cyberattacks, 90 per cent of the respondents told us they are worried about sharing their personal or financial information with any organization that's been cyberattacked or suffered a data breach. Worryingly, our survey found that a quarter of respondents had their login credentials stolen from a trusted site, with that number climbing to 34 per cent for those aged 18 to 34.

Eighty-four per cent said they would "definitely reconsider" doing business with companies that had a data breach, and more than three in five say they "can no longer trust" the government to keep their information safe. While most have faith in their organization to safeguard their data, nearly two in five are not confident their personal information can be kept safe and the vast majority want more transparency and control.

The poll findings are striking, for they show just how much of an issue data protection has become for Canadians.

With awareness comes higher expectations. The bar is now rising fast, at the very time when every private- and public-sector organization is under stress with pandemic protocols and facing a myriad of cyber incidents.

The new reality

We are all prey to cybercrime at some point in our online lives.

The new reality in which we're living demands that every organization take a much more proactive approach to cybersecurity—whether it's investing in more resources, running more cyber response simulations, or spending more time on education.

The growing sophistication and brazenness of cybercrooks makes it nearly impossible to eliminate cybersecurity risk. Organizations must continue to focus their time, effort, and resources on how best to manage that risk—not on a losing battle to eliminate it.

We have been working closely with the World Economic Forum's Center for Cyber Security, helping to create a set of five principles to help cybersecurity leaders prepare for the new reality. I encourage you to explore further our insights on how to build a more cyber resilient organization, and leave you with a few basic, yet fundamental tips:
 

1. Apply a business lens to cybersecurity by working with management to help them better understand the implications of a breach to bolster support for cyber initiatives, such as employee training and education, funding, and resources.
2. Establish governance and accountability through an organizational cybersecurity function tasked with reducing risk and increasing resilience.
3. Identify your 'crown jewels' and classify them based on their criticality to ensure the appropriate level of resources to guard against, and respond to, a cyber incident.
4. Educate and raise employee awareness by training employees to stay vigilant for cyberattacks and learn good cyber hygiene.
5. Build resilience by developing incident response and business continuity plans and testing them. Run simulations. Planning helps prepare leadership and the organization to better organize, mobilize, and respond to a breach when it does happen.

Stay tuned for more in my future blogs.